X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=includes%2Fdata_checks.inc;h=798e84c4b5c10070a4526a2ccbc7a2ad987b0898;hb=a1362f34b92e526908042662532d8b3688f52c1b;hp=ff316953030d9c322fea21c2a7e3aced11717340;hpb=c0b985cc57f88e49f3402e1c55f7e884e55770ea;p=fa-stable.git

diff --git a/includes/data_checks.inc b/includes/data_checks.inc
index ff316953..798e84c4 100644
--- a/includes/data_checks.inc
+++ b/includes/data_checks.inc
@@ -124,7 +124,7 @@ function check_db_has_movement_types($msg)
 function db_customer_has_branches($customer_id)
 {
 	return check_empty_result("SELECT COUNT(*) FROM ".TB_PREF."cust_branch "
-		."WHERE debtor_no='$customer_id'");
+		."WHERE debtor_no=".db_escape($customer_id));
 }
 
 function db_has_customer_branches()
@@ -430,7 +430,7 @@ function db_has_quick_entries()
 
 function db_has_tags($type)
 {
-	return check_empty_result("SELECT COUNT(*) FROM ".TB_PREF."tags WHERE type=$type");
+	return check_empty_result("SELECT COUNT(*) FROM ".TB_PREF."tags WHERE type=".db_escape($type));
 }
 
 function check_db_has_tags($type, $msg)
@@ -449,7 +449,7 @@ function check_empty_result($sql)
 	$result = db_query($sql, "could not do check empty query");	
 	
 	$myrow = db_fetch_row($result);
-	return $myrow[0] > 0;	 	
+	return $myrow[0] > 0;
 }
 //
 //	Integer input check